As root, created a new non-root user on RHEL 7.5
appuser:x:1903:1903:appuser:/home/appuser:/bin/bash
A non-root user to be able to sudo to appuser
,
sudo -u appuser
without a password,
What are the changes required on RHEL 7.5?
As root, created a new non-root user on RHEL 7.5
appuser:x:1903:1903:appuser:/home/appuser:/bin/bash
A non-root user to be able to sudo to appuser
,
sudo -u appuser
without a password,
What are the changes required on RHEL 7.5?
You can edit the "User privilege specification" section of /etc/sudoers
, adding:
non-root-user ALL = (appuser) NOPASSWD: ALL
This will allow non-root-user
to run all commands as appuser
. non-root-user
will not be allowed to run commands as root.
Note that errors in /etc/sudoers
can make a system unusable. The file should only be edited with:
$ sudo visudo
This special editor checks the sudoers
file for errors before saving and refuses to save it if errors are found.
-r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers
. Do you think this is customised permision?
– overexchange
Oct 29 '18 at 15:50
-r--r-----
is the standard file mode for /etc/sudoers
. Refer to my edited answer for how to edit it.
– fra-san
Oct 29 '18 at 17:18
visudo: /etc/sudoers: Permission denied
if I do not have root privileges, so I don't see how this answers the question.
– Sridhar Sarnobat
Feb 26 '20 at 20:02
sudo visudo
part is just a clarification on how to (safely) edit /etc/sudoers
, i.e. how to configure the system so that an unprivileged user can authenticate as another unprivileged user without being prompted for a password. That step requires root access, of course (and the OP does have it). Apparently, the question is not about how to configure a non-root user using a non-root user. Does this clear your doubts?
– fra-san
Feb 26 '20 at 21:40
sudo su - appuser
is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get toappuser
, so they wouldsudo -su appuser
(here,-su
is two flags,-s -u
). No need for thesu
command anywhere. – Chris Davies Oct 29 '18 at 15:01sudo -u syslog
does not work. It asks for the password for current user – overexchange Oct 29 '18 at 15:05sudo
does. – Chris Davies Oct 29 '18 at 15:28